[Samba] Cannot change passwords on Active Directory Samba from clients
Elias Pereira
empbilly at gmail.com
Sat Jun 3 00:42:04 UTC 2017
Anything in the logs?
On Fri, Jun 2, 2017 at 8:01 PM, Luke Barone via samba <samba at lists.samba.org
> wrote:
> Hi list,
>
> We are working on getting Samba version 4.5.8-debian (on Stretch) with
> Active Directory running, and we are running into a major road block.
> Clients (Windows 7 Pro, Windows 10 Pro and Educational) cannot change their
> passwords on their own. We can force the user to reset the password for
> their next login (works), or reset the password with ADUC RSAT as the
> Domain Admin. If the user tries to use "Change Password" from the Ctrl Alt
> Delete menu, it fails with the message:
>
> Unable to update the password. The value provided for the new password does
> not meet the length complexity, or history requirements of the domain
>
> We are out of ideas, and Google is not helping much. Below is the smb.conf
> file from the main domain controller (we troubleshooted by even shutting
> down the secondary DC):
>
> # Global parameters
> [global]
> bind interfaces only = Yes
> interfaces = lo enp0s17
> netbios name = DC1
> realm = <FQDN>
> workgroup = <DOMAIN>
> dns forwarder = <DNS SERVER>
> server role = active directory domain controller
> winbind separator = /
> idmap_ldb:use rfc2307 = yes
> comment =
> [netlogon]
> path = /var/lib/samba/sysvol/<DOMAIN>/scripts
> read only = No
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> We have disabled all the password policies in Group Policy Management
> Console, as well as using samba-tool domain passwordsettings to disable any
> restrictions, such as minimum password age, and password complexity.
>
> What are our next steps?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Elias Pereira
More information about the samba
mailing list